Within the last couple weeks, I've noticed some strange things with my laptop. First, I'd have this installer type window popping up. It'd ask me to select a language for the installation. The strange thing was, in the taskbar / the CTRL+alt+delete program manager, the install program wasn't named or titled. I didn't know what it was trying to install! Every time it came up, which was probably a total of three or four times, I X-ed out of it. It'd freeze for a moment, and then close.
About a week ago, AVG was doing it's daily scan and found a rootkit within Google Chrome, the main browser I use. It said it wasn't removed, so I went into AVG, and removed it.
And then something else started. I'd be doing my thing, whatever, on Google Chrome. All of the sudden, a new window would open, or the one I was working on would go to some OpinionMart page. It's NOT a pop-up - either a new tab within Google Chrome, or the same tab I was on. I kept thinking I was accidentally clicking an ad or something, but I realized that wasn't it, when I've gotten that page at least three times, and it's pulled up while I was away from the computer.
Also, something new has happened today. I was doing my business, writing an essay in Open Office, with Google Chrome running. I had the following tabs up: Tumblr, Yahoo email, and Google. I switched over to Tumblr, began scrolling down the page, and all of the sudden Google Chrome asks me the usual 'are you sure you want to download this, this type of file can harm your computer' warning you get at the bottom of the window, when you try download something. Thinking I accidentally clicked something, I said no, don't download, but whatever it was starting downloading anyways. I quickly closed the window, but not before getting a look at the title of the download: 9LcankSr.htm
I have scanned with a fully-updated version of Malwarebytes: Anti-Malware, scanned with AVG, and scanned with ESET online scanner. Nothing! But I know something is up, so please help me.
Thank you so much,
I'm not sure if this is the same rootkit that AVG removed, but I was going through my virus vault, and saw this had been removed: PWS-spyeye.env.a
Edited by caccigirl, 21 August 2011 - 08:44 AM.